1. /efs/dist/kerberos/mit/1.11.5/exec/bin/klist -k -t $KRB5_KTNAME
Keytab name: FILE: /tmp/myacct.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 12/17/2014 15:30:08 mya...@common.bankofamerica.com

2. This is window client output recorded at the time:
Cached Tickets: (2)

#0>     Client: winlogin @ COMMON.BANKOFAMERICA.COM
        Server: krbtgt/COMMON.BANKOFAMERICA.COM @ COMMON.BANKOFAMERICA.COM
        KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
        Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authen
        Start Time: 12/18/2014 13:13:36 (local)
        End Time:   12/18/2014 22:13:36 (local)
        Renew Time: 12/28/2014 13:13:36 (local)
        Session Key Type: RSADSI RC4-HMAC(NT)


#1>     Client: winlogin @ COMMON.BANKOFAMERICA.COM
        Server: HTTP/host2.site123.baml.com @ COMMON.BANKOFAMERICA.COM
        KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
        Ticket Flags 0x40a00000 -> forwardable renewable pre_authent
        Start Time: 12/18/2014 13:13:36 (local)
        End Time:   12/18/2014 21:33:36 (local)
        Renew Time: 12/28/2014 13:13:36 (local)
        Session Key Type: RSADSI RC4-HMAC(NT)

3. What is the window equivalent command on windows?

-----Original Message-----
From: Greg Hudson [mailto:ghud...@mit.edu] 
Sent: Monday, January 05, 2015 5:12 PM
To: Xie, Hugh; '<kerberos@mit.edu>'
Subject: Re: Wrong principal in request error on gss_accept_sec_context()

On 01/05/2015 04:04 PM, Xie, Hugh wrote:
> Any follow up on this issue? Do you need any more information? Should I turn 
> on debugger to see where this error occurred, if yes I need some pointer 
> which files to set break points.

I'm a bit confused by the information given so far, and I think some of my 
questions weren't clear enough.  Let's start over.

For the non-working server only:

1. On the server, run "klist -k" (or "klist -k -t /path/to/keytab" if the 
server is using a special keytab location).  What is the output?

2. On the client, run kinit so that you have a fresh credential cache, then try 
to connect.  Then run klist.  Other than 
krbtgt/common.bankofamerica....@common.bankofamerica.com, what service 
principal appears in the output?

3. On the client, run "kvno SPRINC", where SPRINC is the answer to question 2.  
What is the output?

----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may 
contain information that is privileged, confidential and/or proprietary and 
subject to important terms and conditions available at 
http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended 
recipient, please delete this message.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to